Skip to content
English
  • There are no suggestions because the search field is empty.

Third-Party Supplier Register

This article goes over what are third-party suppliers, and why it is important to register them in Copla Registry.

Topics covered in this page:

 


What Is a Third Party

A third party is any external individual, vendor, or organization that operates outside your company’s internal structure but provides services, products, or operational support.

This includes (but is not limited to):

  • Technology providers and SaaS platforms

  • Consultants and contractors

  • Hosting services or cloud providers

  • Outsourced business partners

  • Any supplier with whom your organization has a formal or informal working relationship


Why It Matters

Some third parties:

  • Access or process sensitive data

  • Integrate with internal systems

  • Support critical business operations

Because of this, it’s essential to:

  • Clearly identify all third parties

  • Understand the scope of services they provide

  • Assess how they interact with your systems, data, or infrastructure

     


 

Purpose Of The Register

The Third-Party Supplier Register is designed to:

  • Provide centralized visibility into external dependencies

  • Support risk assessments and compliance efforts

  • Improve accountability and supplier oversight

Please complete the register with accurate, up-to-date information for each third party your team engages with.


Examples of Common Third-Party Vendors

#

Vendor Type

Vendor Name

Services Provided

1

SaaS Platform

Atlassian Pty Ltd

Project management and collaboration (Jira, Confluence)

2

Cloud Infrastructure

Amazon Web Services EMEA SARL

Cloud computing, storage, networking

3

Accounting/Finance

UAB http://B1.lt

Accounting, tax and payroll services

4

Legal Services

Sorainen

Corporate legal and compliance advisory

5

Software Development

UAB Devbridge

Custom application development and maintenance

6

CRM & Sales Automation

Salesforce Ireland Ltd

Customer relationship management and sales tracking

7

IT Helpdesk & Support

UAB ITSupportas

End-user support and IT troubleshooting services

8

HR & Recruitment

UAB PeopleLink

Recruitment and hiring services

9

Security Testing

UAB CyberTest

Penetration testing and vulnerability assessments

10

Email & Productivity Suite

Google Ireland Ltd

Email, document storage, collaboration (Google Workspace)

11

Payment Processing

Stripe Payments Europe, Ltd

Online payments and billing infrastructure

12

Code Repository

GitHub, Inc.

Source code repository, CI/CD integration

13

Marketing Automation

Mailchimp

Email marketing and customer engagement automation

14

Domain & DNS Management

GoDaddy Inc.

Domain registration, DNS configuration

15

Data Analytics

Looker (Google)

Business intelligence and data visualization

16

Time Tracking

Toggl OÜ

Employee time tracking and productivity tools

17

Background Checks

First Advantage

Employee screening and criminal record verification

18

E-Signature

DocuSign Inc.

Digital contract signing and workflow management

19

Learning Management System

Coursera, Inc.

Training, awareness, and employee learning platforms

20

Backup & Disaster Recovery

Veeam Software

Backup, replication, and disaster recovery solutions


 

Step-by-Step Instructions

 

  1. Accessing the Register

    • Log in to the system and navigate to the “Dynamic Registers” section.

    • Click on “Register List”.

    • Select “Third-Party Supplier Register” from the list.

  2. Understanding the Supplier List

    • The register includes pre-filled data fields to guide what information must be entered for each third-party supplier.

      • If a supplier type is not used, delete the corresponding row.

      • If a supplier is in use, update the fields with:

        • The actual supplier name

        • Relevant supporting details (e.g. service type, contact info, data access level)

  3. Supplier Identification

    • Assign a unique entry number in the Nr. column.

    • In the Vendor Name field, enter the supplier’s exact legal name (as shown in contracts or official documentation).


Column-by-Column Completion Guide

Column

Description

Nr.

Sequential number of the vendor entry.

Vendor Name

Full legal name of the third-party vendor.

Vendor Contact Person, Contact’s Details

Name, email, phone, and role of the primary contact person at the vendor.

Services/Products Provided

Short description of services or products procured from the vendor.

Information Shared

List the types of information shared with the vendor (e.g., documents, audit reports, credentials).

Information Classification

Classification level of shared information (e.g., Confidential, Internal Use).

Contract Start Date

Date when the agreement with the vendor begins.

Contract End Date

Date when the agreement with the vendor ends.

Security Clauses

Summary of security-related clauses included in the contract (e.g., access controls, data protection).

Access Rights Provided

Systems, platforms, or data the vendor is allowed to access.

Access Control Methods

Technical or procedural methods used to control access (e.g., VPN, MFA).

Risk Level

Risk classification of the vendor (e.g., High, Medium, Low).

Third-party Certifications

Any certifications held by the vendor (e.g., ISO 27001:2022).

Risk Mitigation Measures

Measures in place to manage vendor-related risks (e.g., SLAs, NDAs).

Service Level Agreements (SLAs)

Any relevant service level commitments or guarantees.

Compliance Requirements

Regulatory or legal frameworks the vendor must comply with (e.g., DORA, NIS2).

Monitoring and Audit Schedule

How and how often the vendor is monitored or audited (e.g., annually).

Security Incident Reporting

Agreed process for incident reporting (e.g., “Incident Portal”).

Review Date

Date of the last internal review or audit of the vendor.

Next Review Date

Date scheduled for the next vendor review.